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DETAILED ACTION 

1. Claims 1-20 are pending in this office action. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

. A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects fo[ purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

3. Claims 1-3. 5-13. and 16-19 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Berson et al. (U.S. Patent No. 6,938,154). 

Regarding claim 1 . Berson et al. teaches a method of securing a network device 
installed on a host comprising: 

• Initializing the network device without transmit functions (fig. 3, ref. num 306); 

• Receiving notification that the host has been authenticated (fig. 3, ref. num 314); 
and 

• In response to receiving notification that the host has been authenticated, 
enabling transmit functions of the network device (fig. 3, ref. num 318). 
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Regarding claim 2 , Berson et al. teaches wherein initializing the network device 
comprises initializing the network device without receive functions (col. 4, lines 60-62). 

Regarding claim 3 , Berson et al. teaches further comprising in response to 
receiving notification that the host has been authenticated, enabling receive functions of 
the network device (fig. 3, ref. num 318). 

Regarding claim 5 , Berson et al. teaches further comprising accessing a firewall 
policy server to download firewall policy information that is used by a firewall on the 
network device after enabling transmit functions of the network device (fig. 3, ref. num 
308 and 310). 

Regarding claim 6 , Berson et al. teaches wherein accessing a firewall policy 
server is performed before transmitting or receiving data from other clients or servers 
(fig. 3, ref. num 308 and 310). 

Regarding claim 7 , Berson et al. teaches wherein accessing a firewall policy 
server comprises authenticating the firewall policy server (col. 1, lines 43-45). 



Regarding claim 8 , Berson et al. teaches wherein receiving notification that a 
host has been authenticated includes receiving notification that the host has been 
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authenticated for a role, and wherein accessing a firewall policy server comprises 
downloading firewall policy information for the role (col. 4, lines 60-62). 

Regarding claim 9 , Berson et al. teaches further comprising receiving firewall 
policy information communicated to the host and using the firewall policy information at 
a hardware based firewall on the network device (fig. 1 , ref. num 112). 

Regarding claim 10 , Berson et al. teaches a network device for use in a host on a 
network, the network device comprising: 

• A network port adapted to send and receive network information (fig. 2, ref. num 
234); and 

• A module that disables at least one of transmit and receive functionality to the 
network port of the network device until the network device is notified that the 
host has been authenticated (fig. 3, ref. num 314 and 318). 

Regarding claim 11 , Berson et al. teaches further comprising a firewall that is 
adapted to prevent the network device from communicating with other devices 
according to firewall policy information stored at the firewall (fig. 1, ref. num 1 12). 

Regarding claim 12 . Berson et al. teaches further comprising nonvolatile 
memory, and wherein the firewall policy information is stored in the nonvolatile memory 
(fig. 2, ref. num 216). 
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Regarding claim 13 , Berson et al. teaches wherein the network device is adapted 
to receive firewall policy information from a firewall policy server (fig. 5). 

Regarding claim 16 , Berson et al. teaches a network comprising: 

• A plurality of client computers wherein at least one of the client computers is 
adapted to disable at least one of transmit and receive functionality until a user at 
the at least one of the client computers has been authenticated (fig. 1 and fig. 3, 
ref. num 306, 314, and 318). 

Regarding claim 17 , Berson et al. teaches further comprising: 

• A firewall policy server coupled to the at least one of the client computers, the 
firewall policy server containing firewall policy information that defines at least 
one of blocked ports, blocked clients and allowed clients (col. 4, lines 36-37); and 

• Wherein the at least one of the client computers comprises a firewall wherein the 
at least one of the client computers is adapted to receive firewall policy 
information from the firewall policy server (fig. 1, ref. num 112 and fig. 5). 

Regarding claim 18 , Berson et al. teaches wherein the at least one of the client 
computers is configured to receive firewall policy information from the firewall policy 
server prior to communicating with other clients or servers 'comprised of the network 
(fig. 3, ref. num 308 and 310). 
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Regarding claim 19 , Berson et al. teaches a method of securing a network device 
installed on a host comprising: 

• Initializing the network device without receive functions (fig. 3, ref. num 306); 

• Receiving notification that the host has been authenticated (fig. 3, ref. num 314); 
and 

• In response to receiving notification that the host has been authenticated, 
enabling receiving functions of the network device (fig. 3, ref. num 318). 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 4, 14, 15, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Berson et al. (USPN '154). 

Regarding claims 4 and 20 , Berson et al. teaches all the limitations of claims 1 
and 19, respectively, above. However, Berson et al. does not specifically teach wherein 
enabling receive functions of the network device comprises routing received data to a 
network stack. However, Berson et al. does disclose network devices (see col. 2, lines 
22-24), which utilize network protocols to communicate, and therefore should use a 
network stack. 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine routing received data to a network stack, with the 
method of Berson et al. It would have been obvious for such modifications because a 
network stack is used to provide communication between two interconnected devices, 
such as the printer and copier disclosed in Berson et al. « 

Regarding claim 14 , Berson et al. teaches all the limitations of claim 10, above. 
However, Berson et al. does not specifically teach wherein the network device is 
embodied as a network interface card. However, Berson et al. does teach network 
devices, such as printers, copiers, and faxes (see col. 2, lines 22-24). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to use a network interface card as a network device, with the 
device of Berson et al. It would have been obvious for such modifications because a 
network device allows communications to other devices; by securing the network 
devices, the transmission of data can be secured. 

Regarding claim 15 , Berson et al. teaches wherein the network device is 
embodied as a Secure CardBus network card (see col. 2, lines 22-24, the specific 
network device is not listed, but is an obvious networking device to use). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S Hoffman whose telephone number is 571- 

272- 3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Brandon Hoffman/ 




